// Copyright (c) 2002 Graz University of Technology. All rights reserved.
// 
// Redistribution and use in source and binary forms, with or without modification,
// are permitted provided that the following conditions are met:
// 
// 1. Redistributions of source code must retain the above copyright notice, this
//    list of conditions and the following disclaimer.
// 
// 2. Redistributions in binary form must reproduce the above copyright notice,
//    this list of conditions and the following disclaimer in the documentation
//    and/or other materials provided with the distribution.
// 
// 3. The end-user documentation included with the redistribution, if any, must
//    include the following acknowledgment:
// 
//    "This product includes software developed by IAIK of Graz University of
//     Technology."
// 
//    Alternately, this acknowledgment may appear in the software itself, if and
//    wherever such third-party acknowledgments normally appear.
// 
// 4. The names "Graz University of Technology" and "IAIK of Graz University of
//    Technology" must not be used to endorse or promote products derived from this
//    software without prior written permission.
// 
// 5. Products derived from this software may not be called "IAIK PKCS Wrapper",
//    nor may "IAIK" appear in their name, without prior written permission of
//    Graz University of Technology.
// 
// THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
// OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
// OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.

package iaik.pkcs.pkcs11.parameters;

import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.TokenRuntimeException;
import iaik.pkcs.pkcs11.objects.SecretKey;
import iaik.pkcs.pkcs11.wrapper.CK_SSL3_KEY_MAT_OUT;
import iaik.pkcs.pkcs11.wrapper.Constants;
import iaik.pkcs.pkcs11.wrapper.Functions;

/**
 * Objects of this class encapsulates key material output for the mechanism
 * Mechanism.SSL3_KEY_AND_MAC_DERIVE.
 *
 * @author Karl Scheibelhofer
 * @version 1.0
 * @invariants
 */
public class SSL3KeyMaterialOutParameters implements Parameters {

	/**
	 * The resulting Client MAC Secret key.
	 */
	protected SecretKey clientMacSecret_;

	/**
	 * The resulting Server MAC Secret key.
	 */
	protected SecretKey serverMacSecret_;

	/**
	 * The resulting Client Secret key.
	 */
	protected SecretKey clientKey_;

	/**
	 * The resulting Server Secret key.
	 */
	protected SecretKey serverKey_;

	/**
	 * The initialization vector (IV) created for the client (if any).
	 */
	protected byte[] clientIV_;

	/**
	 * The initialization vector (IV) created for the server (if any).
	 */
	protected byte[] serverIV_;

	/**
	 * Create a new SSL3KeyMaterialOutParameters object. It does not take any
	 * parameters, because they user does not need to set any of them. The token
	 * sets all of them, after a call to DeriveKey using the mechanism
	 * Mechanism.SSL3_KEY_AND_MAC_DERIVE. After the call to deriveKey, the
	 * members of this object will hold the generated keys and IVs.
	 *
	 * @param clientIV The buffer for the client initialization vector.
	 * @param serverIV The buffer for the server initialization vector.
	 * @preconditions (clientIV <> null)
	 *                and (serverIV <> null)
	 * @postconditions
	 */
	public SSL3KeyMaterialOutParameters(byte[] clientIV, byte[] serverIV) {
		if (clientIV == null) {
			throw new NullPointerException("Argument \"clientIV\" must not be null.");
		}
		if (serverIV == null) {
			throw new NullPointerException("Argument \"serverIV\" must not be null.");
		}

		clientIV_ = clientIV;
		serverIV_ = serverIV;
	}

	/**
	 * Create a (deep) clone of this object.
	 *
	 * @return A clone of this object.
	 * @preconditions
	 * @postconditions (result <> null)
	 *                 and (result instanceof SSL3KeyMaterialOutParameters)
	 *                 and (result.equals(this))
	 */
	public java.lang.Object clone() {
		SSL3KeyMaterialOutParameters clone;

		try {
			clone = (SSL3KeyMaterialOutParameters) super.clone();

			clone.clientMacSecret_ = (SecretKey) this.clientMacSecret_.clone();
			clone.serverMacSecret_ = (SecretKey) this.serverMacSecret_.clone();
			clone.clientKey_ = (SecretKey) this.clientKey_.clone();
			clone.serverKey_ = (SecretKey) this.serverKey_.clone();
			clone.clientIV_ = (byte[]) this.clientIV_.clone();
			clone.serverIV_ = (byte[]) this.serverIV_.clone();
		} catch (CloneNotSupportedException ex) {
			// this must not happen, because this class is cloneable
			throw new TokenRuntimeException("An unexpected clone exception occurred.", ex);
		}

		return clone;
	}

	/**
	 * Get this parameters object as an object of the CK_SSL3_KEY_MAT_OUT
	 * class.
	 *
	 * @return This object as a CK_SSL3_KEY_MAT_OUT object.
	 * @preconditions
	 * @postconditions (result <> null)
	 */
	public Object getPKCS11ParamsObject() {
		CK_SSL3_KEY_MAT_OUT params = new CK_SSL3_KEY_MAT_OUT();

		params.hClientMacSecret = (clientMacSecret_ != null) ? clientMacSecret_
		    .getObjectHandle() : 0L;
		params.hServerMacSecret = (serverMacSecret_ != null) ? serverMacSecret_
		    .getObjectHandle() : 0L;
		params.hClientKey = (clientKey_ != null) ? clientKey_.getObjectHandle() : 0L;
		params.hServerKey = (serverKey_ != null) ? serverKey_.getObjectHandle() : 0L;
		params.pIVClient = clientIV_;
		params.pIVServer = serverIV_;

		return params;
	}

	/**
	 * This method takes the key handles from the given input structure, which
	 * will be the result after a call to DeriveKey, and creates the SecretKey
	 * objects for this object. It also reads the IVs.
	 *
	 * @param input The structure that holds the necessary key handles and IVs.
	 * @param session The session to use for reading attributes.
	 *                This session must have the appropriate rights; i.e.
	 *                it must be a user-session, if it is a private object.
	 * @exception TokenException If reading the secret key object attributes fails.
	 * @preconditions (input <> null)
	 *                and (session <> null)
	 * @postconditions
	 */
	public void setPKCS11ParamsObject(CK_SSL3_KEY_MAT_OUT input, Session session)
	    throws TokenException
	{
		clientMacSecret_ = (SecretKey) iaik.pkcs.pkcs11.objects.Object.getInstance(session,
		    input.hClientMacSecret);
		serverMacSecret_ = (SecretKey) iaik.pkcs.pkcs11.objects.Object.getInstance(session,
		    input.hServerMacSecret);
		clientKey_ = (SecretKey) iaik.pkcs.pkcs11.objects.Object.getInstance(session,
		    input.hClientKey);
		serverKey_ = (SecretKey) iaik.pkcs.pkcs11.objects.Object.getInstance(session,
		    input.hServerKey);
		clientIV_ = input.pIVClient;
		serverIV_ = input.pIVServer;
	}

	/**
	 * Get the resulting client MAC secret key.
	 *
	 * @return The resulting client MAC secret key.
	 * @preconditions
	 * @postconditions (result == null)
	 */
	public SecretKey getClientMacSecret() {
		return clientMacSecret_;
	}

	/**
	 * Get the resulting server MAC secret key.
	 *
	 * @return The resulting server MAC secret key.
	 * @preconditions
	 * @postconditions (result == null)
	 */
	public SecretKey getServerMacSecret() {
		return serverMacSecret_;
	}

	/**
	 * Get the resulting client secret key.
	 *
	 * @return The resulting client secret key.
	 * @preconditions
	 * @postconditions (result == null)
	 */
	public SecretKey getClientSecret() {
		return clientKey_;
	}

	/**
	 * Get the resulting server secret key.
	 *
	 * @return The resulting server secret key.
	 * @preconditions
	 * @postconditions (result == null)
	 */
	public SecretKey getServerSecret() {
		return serverKey_;
	}

	/**
	 * Get the resulting client initialization vector.
	 *
	 * @return The resulting client initialization vector.
	 * @preconditions
	 * @postconditions
	 */
	public byte[] getClientIV() {
		return clientIV_;
	}

	/**
	 * Get the resulting server initialization vector.
	 *
	 * @return The resulting server initialization vector.
	 * @preconditions
	 * @postconditions
	 */
	public byte[] getServerIV() {
		return serverIV_;
	}

	/**
	 * Returns the string representation of this object. Do not parse data from
	 * this string, it is for debugging only.
	 *
	 * @return A string representation of this object.
	 */
	public String toString() {
		StringBuffer buffer = new StringBuffer();

		buffer.append(Constants.INDENT);
		buffer.append("Client MAC Secret key: ");
		buffer.append(Constants.NEWLINE);
		buffer.append(clientMacSecret_);
		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.NEWLINE);

		buffer.append(Constants.INDENT);
		buffer.append("Server MAC Secret key: ");
		buffer.append(Constants.NEWLINE);
		buffer.append(serverMacSecret_);
		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.NEWLINE);

		buffer.append(Constants.INDENT);
		buffer.append("Client Secret key: ");
		buffer.append(Constants.NEWLINE);
		buffer.append(clientKey_);
		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.NEWLINE);

		buffer.append(Constants.INDENT);
		buffer.append("Server Secret key: ");
		buffer.append(Constants.NEWLINE);
		buffer.append(serverKey_);
		buffer.append(Constants.NEWLINE);
		buffer.append(Constants.NEWLINE);

		buffer.append(Constants.INDENT);
		buffer.append("Client Initializatin Vector (hex): ");
		buffer.append(Functions.toHexString(clientIV_));
		buffer.append(Constants.NEWLINE);

		buffer.append(Constants.INDENT);
		buffer.append("Server Initializatin Vector (hex): ");
		buffer.append(Functions.toHexString(serverIV_));
		// buffer.append(Constants.NEWLINE);

		return buffer.toString();
	}

	/**
	 * Compares all member variables of this object with the other object.
	 * Returns only true, if all are equal in both objects.
	 *
	 * @param otherObject The other object to compare to.
	 * @return True, if other is an instance of this class and all member
	 *         variables of both objects are equal. False, otherwise.
	 * @preconditions
	 * @postconditions
	 */
	public boolean equals(java.lang.Object otherObject) {
		boolean equal = false;

		if (otherObject instanceof SSL3KeyMaterialOutParameters) {
			SSL3KeyMaterialOutParameters other = (SSL3KeyMaterialOutParameters) otherObject;
			equal = (this == other)
			    || ((((this.clientMacSecret_ == null) && (other.clientMacSecret_ == null)) || ((this.clientMacSecret_ != null) && this.clientMacSecret_
			        .equals(other.clientMacSecret_)))
			        && (((this.serverMacSecret_ == null) && (other.serverMacSecret_ == null)) || ((this.serverMacSecret_ != null) && this.serverMacSecret_
			            .equals(other.serverMacSecret_)))
			        && (((this.clientKey_ == null) && (other.clientKey_ == null)) || ((this.clientKey_ != null) && this.clientKey_
			            .equals(other.clientKey_)))
			        && (((this.serverKey_ == null) && (other.serverKey_ == null)) || ((this.serverKey_ != null) && this.serverKey_
			            .equals(other.serverKey_)))
			        && Functions.equals(this.clientIV_, other.clientIV_) && Functions.equals(
			        this.serverIV_, other.serverIV_));
		}

		return equal;
	}

	/**
	 * The overriding of this method should ensure that the objects of this class
	 * work correctly in a hashtable.
	 *
	 * @return The hash code of this object.
	 * @preconditions
	 * @postconditions
	 */
	public int hashCode() {
		return ((clientMacSecret_ != null) ? clientMacSecret_.hashCode() : 0)
		    ^ ((serverMacSecret_ != null) ? serverMacSecret_.hashCode() : 0)
		    ^ ((clientKey_ != null) ? clientKey_.hashCode() : 0)
		    ^ ((serverKey_ != null) ? serverKey_.hashCode() : 0);
	}

}
